Description: Luigi Auriemma has reported a vulnerability in Quake3 Engine, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the handling of overly long queries and can be exploited to shutdown or crash a vulnerable service via a specially crafted UDP datagram.
The following games use Quake3 Engine and may be affected:
* Call of Duty version 1.5 and prior
* Call of Duty: United Offensive version 1.51 and prior
* Heavy Metal: F.A.K.K.2 version 1.02 and prior
* Quake III Arena version 1.32 and prior
* Return to Castle Wolfenstein version 1.41 and prior
* Soldier of Fortune II: Double Helix version 1.03 and prior
* Star Trek Voyager: Elite Force version 1.20 and prior
* Star Trek: Elite Force II version 1.10 and prior
* Star Wars Jedi Knight II: Jedi Outcast version 1.04 and prior
* Star Wars Jedi Knight: Jedi Academy version 1.011 and prior
* Wolfenstein: Enemy Territory version 1.02 / 2.56 and prior
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.